- cross-posted to:
- [email protected]
We’re very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application.
The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.
A Lenovo laptop was used in the video, posted by user stacksmashing, although other hardware will also be vulnerable. The technique also relies on having a Trusted Platform Module (TPM) separate from the CPU. In many cases, the two will be combined, in which case the technique shown cannot be used.
However, if you get your hands on a similarly vulnerable device secured with BitLocker, gaining access to the encrypted storage appears embarrassingly simple. The crux of it is sniffing out the key to the device as it is passed from TPM to CPU. The key is helpfully not encrypted.
This particular laptop had connections that could be put to use alongside a custom connector to access the signals between chips. Stir in an analyzer running on the Raspberry Pi Pico and for less than $10 in components, you can get hold of the master key for the laptop hardware.
Microsoft has long accepted that such attacks are possible, although it describes them as a “targeted attack with plenty of time; the attacker opens the case, solder, and uses sophisticated hardware or software.”
At less than a minute in the example, we’d dispute the “plenty of time” claim, and while the Raspberry Pi Pico is undoubtedly impressive for the price, at less than $10 the hardware spend is neither expensive nor specialised.
If your hardware is vulnerable, mitigation can be achieved by configuring BitLocker to require a pre-boot PIN in addition to the TPM.
It’s enough to send administrators scurrying to their inventory lists to check for hardware they would be forgiven for assuming had been safely encrypted.
As one wag observed: “Congratulations! You found the FBI’s backdoor.”
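The mitigation the article mentions, requiring a PIN in addition to the TPM, is something an administrator can audit for before touching any hardware. The following is an added example, not code from the article or from the video's author: it lists every BitLocker volume, flags those protected by a TPM-only key protector (the configuration that releases the volume key automatically at boot, which is what the sniffing attack relies on), and offers a helper to add a TPM+PIN protector. It assumes the built-in BitLocker and TrustedPlatformModule PowerShell modules on Windows 10/11 in an elevated session. The vendor-ID heuristic for spotting firmware TPMs (INTC for Intel PTT, AMD for AMD fTPM) is an assumption of this example, not something the article states, and it only narrows the list; it does not prove a TPM is discrete.

```powershell
# Added example (not from the article): audit BitLocker volumes for TPM-only
# protectors and flag the ones that should get a pre-boot PIN.
# Assumes Get-BitLockerVolume / Get-Tpm / Add-BitLockerKeyProtector (built-in
# Windows modules) and an elevated session.

function Get-BitLockerProtectorAudit {
    [CmdletBinding()]
    param()

    # Heuristic (assumption): these manufacturer IDs indicate a firmware TPM
    # inside the CPU package; anything else is treated as possibly discrete.
    $firmwareVendors = @('INTC', 'AMD')
    $tpm    = Get-Tpm
    $vendor = ($tpm.ManufacturerIdTxt).Trim()
    $likelyDiscrete = $tpm.TpmPresent -and ($firmwareVendors -notcontains $vendor)

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

        # TPM-only means a bare 'Tpm' protector with no PIN/startup-key variant.
        $hasTpmOnly = $types -contains 'Tpm'
        $hasTpmPlus = ($types -contains 'TpmPin') -or
                      ($types -contains 'TpmStartupKey') -or
                      ($types -contains 'TpmPinStartupKey')

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            ProtectionStatus  = $vol.ProtectionStatus
            Protectors        = ($types -join ', ')
            TpmVendor         = $vendor
            LikelyDiscreteTpm = $likelyDiscrete
            # Flag: key is released automatically at boot on a TPM that may sit
            # on an externally accessible bus.
            NeedsPin          = $hasTpmOnly -and -not $hasTpmPlus -and $likelyDiscrete
        }
    }
}

# Helper to add a TPM+PIN protector to a flagged volume. Prompts for the PIN
# so it never lands in shell history.
function Add-TpmPinProtector {
    param([Parameter(Mandatory)][string]$MountPoint)
    $pin = Read-Host -Prompt 'Enter a numeric pre-boot PIN (6+ digits)' -AsSecureString
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin
}

# Usage: list volumes, then remediate any with NeedsPin = True, e.g.
#   Get-BitLockerProtectorAudit | Where-Object NeedsPin | ForEach-Object { Add-TpmPinProtector $_.MountPoint }
Get-BitLockerProtectorAudit | Format-Table -AutoSize
```

Two caveats from the defender's side: `Add-BitLockerKeyProtector -TpmAndPinProtector` will be refused unless the BitLocker policy "Require additional authentication at startup" permits a PIN, so set that policy (Group Policy or MDM) first; and since the heuristic above cannot reliably tell a discrete TPM from a firmware one, treating every TPM-only volume as a candidate for a PIN is the safer reading of the audit.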